Over a decade of DDOS--any progress yet?
Jack Bates
jbates at brightok.net
Wed Dec 8 16:17:44 UTC 2010
On 12/8/2010 10:13 AM, Drew Weaver wrote:
> The most common attacks that I have seen over the last 12 months, and let's say I have seen a fair share have been easily detectable by the source network.
>
> It is either protocol 17 (UDP) dst port 80 or UDP Fragments (dst port 0..)
>
> What valid application actually uses UDP 80?
>
> You could literally wipe out a large amount of these attacks by simply filtering this.
>
> -Drew
You mean silly things like:
Warning, it is an 87160 line flow capture.
http://www.brightok.net/~abuse/ddos/flows.txt
Jack
More information about the NANOG
mailing list